
Pod Slurping – An easy technique for stealing data

The problem with uncontrolled use of iPods, USB sticks and flash drives on your network. A common misconception is that perimeter security measures such as firewalls and anti-virus software are enough to secure corporate data residing on the corporate network. In this white paper, we explore how the uncontrolled use of portable storage devices such as iPods, USB sticks, flash drives and PDAs, coupled with data theft techniques such as ‘pod slurping’, can lead to major security breaches.

Pod slurping: How can insiders steal your data?

iPods: in the wrong hands, they can do more damage

Developments in portable device and data storage technology are accelerating. The latest versions of MP3 players and flash memory devices have huge storage capacities, yet these gadgets are small enough to conceal easily and sneak in behind the corporate line of defence. Furthermore, easy connectivity and high-speed data transfer have become increasingly widespread: a user may simply plug the device into a USB or FireWire port and be up and running, with no drivers or configuration required! In practice, this means that a data thief can get away with even more precious data, and a negligent employee can dump more viruses onto the corporate network, even when connecting for only a short time. The iPod is just one example of such portable contraptions. At a glance it is an innocent-looking portable audio device. Under the hood, however, it boasts up to 60 GB of portable storage space, practically large enough to store all the data found on a typical workstation. This means that a malicious insider can use an iPod to covertly take out (i.e. ‘steal’) proprietary data and millions of financial, consumer or otherwise sensitive corporate records in one go!

Gartner analysts Contu and Girard (2004) warned of the security risks associated with the uncontrolled use of portable storage devices within corporations. Today, information theft has become a plague on modern society; data leakage, data ciphering and data disclosure incidents are but some of the terms used by security experts to refer to information theft. However, the most original term so far is probably ‘pod slurping’, coined by US security expert Abe Usher (2005).

Pod slurping: An easy technique for stealing data

Usher uses the term ‘pod slurping’ to describe how MP3 players such as iPods and other USB mass storage devices can be easily used to steal sensitive corporate data. “There are dishonest people in the world”, says Usher, “many of them work at many companies – and these USB devices make it rather trivial to steal huge amounts of data” (Schick, 2006). To demonstrate the vulnerability of corporate security, Usher developed a “proof of concept” software application that can automatically search corporate networks and copy (or “slurp”) business-critical data onto an iPod. This software application runs directly from an iPod, and when connected to a computer it can slurp (copy) large volumes of corporate data onto the iPod within minutes. What’s more, slurping is not limited to iPods and MP3 players alone. All portable storage devices can be used to slurp information: digital cameras, PDAs, thumb drives, mobile phones and any other plug-and-play devices which have storage capabilities! Data slurping is a very simple automated process and does not require any technical expertise; a user may plug the portable storage device into a corporate workstation and, in the time it takes to listen to an MP3, all the sensitive corporate data on that workstation is copied to the portable storage device.

Insider information theft is a real problem

Information theft has now become a major concern for every organization, and thus data leakage prevention is slowly taking up a bigger portion of the IT budget. This drive is attributed to two factors: the wave of malevolent threats that is hitting every industry, and the increase in regulatory requirements which demand more protection and tighter controls over client records and other confidential information. More stringent controls and severe penalties are forcing organizations to address regulatory compliance more seriously. In January 2006, the Federal Trade Commission charged commercial data broker ChoicePoint Inc. a settlement fee of 15 million dollars for leaking consumer data and violating consumer privacy rights (Federal Trade Commission, 2006). A misconception shared by many organizations is that security threats mostly originate from outside the corporation. In fact, countless dollars are being spent every year on firewalls and other solutions that secure the corporate perimeter from external threats. However, statistics show that internal security breaches are growing faster than external attacks and at least half of security breaches originate from behind the corporate firewall. Unfortunately, corporate insiders are the first and easiest route to evade perimeter security. The trusted position of corporate employees and their constant exposure to corporate data make detecting and stopping data theft an enormous challenge, especially in environments where corporate data is largely distributed!

Why would insiders want to slurp information?

Is your computer safe from insider theft?

Corporate data can be profitable in various ways; blueprints, engineering plans, tenders, pricelists, source code, database schemas, sound files, lyrics and much more – all this valuable intellectual property may be exploited by individuals or corporations to gain economic and business advantage over their competitors. The 2006 CSI/FBI survey indicates theft of intellectual property as having the fourth highest economic effect on organizations (Gordon et al., 2006). Malicious perpetrators may also steal sensitive consumer information such as medical and financial records from a company and divulge it to the public. This would damage the company’s reputation as well as make it liable to legal prosecution for violating consumer privacy rights. In a nutshell, malicious intent, monetary gain and curiosity are probably the major motives behind information theft. Anyone is an enemy for a price, and thus perpetrators can be various. Disgruntled employees who believe they are disrespected or exploited by their employers may take advantage of their trusted position and sell corporate plans and other sensitive information to direct competitors. Former employees who feel they have been unfairly dismissed may use their inside knowledge or exploit internal relationships to access, steal and publicly expose consumer information and damage the company. Trusted insiders can also turn into paid informers and engage in industrial espionage, data warfare or other extensive fraudulent activities such as ‘identity theft’. The term ‘identity theft’ refers to crimes in which someone obtains and uses the personal details of another person (e.g. social security or credit card number) to commit criminal acts, usually for financial gain. To date it is the fastest growing crime in the United States. It was estimated that identity theft victims amounted to around nine million adults in the U.S. in 2005 (Johannes, 2006).

How can corporations mitigate the risks of information theft?

The key advantage of iPods and similar portable storage devices is easy access. In theory, this may be of great advantage for corporations. However, it is a well-reported fact that access and security are at opposite ends of the security continuum. The reason is that you never know what users may be doing with their portable devices. An employee might appear to be listening to music on his or her iPod, but might actually be uploading malicious files or slurping gigabytes of valuable corporate data. A possible solution to avoid information theft is to implement a corporate-wide portable storage control policy. To mitigate the security risks, some experts and researchers suggest conventional courses of action such as the physical blocking of ports and stringent supervision, as well as drastic actions such as the total ban of iPods and similar devices from the workplace. However, this is not the best practical approach. Portable storage devices can be beneficial tools for the corporate workforce and a blanket ban would be counter-productive. In addition, good practice dictates that you must never rely on voluntary compliance.

It seems that everyone reads about the latest tax-saving tips just prior to filing their returns. At this point, it’s often too late to do much about your pending tax bill. You can, however, start saving on your personal income tax bite during the year and make additional strategic moves as the year-end approaches. Here are some basic tips for saving on your taxes.

1. Keep all business-related receipts:

Keep track of what the receipts are for, and save them in a safe place.

2. Claim deductions:

Many people neglect to carefully look for, and claim, all the deductions to which they’re entitled. By simply taking the standard deduction, you may miss out on other available deductions.

3. Take all applicable tax credits:

Tax credits may be granted for various types of taxes (income tax, property tax, VAT, etc.) in recognition of taxes already paid, as a subsidy, or to encourage investment or other behaviors.

4. Take a loss:

If you’ve done well with your investments and are looking at significant capital gains, prior to year-end is the time to offset some of those gains by selling a losing venture.

5. Consider tax-free investments:

Returns are not very high, but if you’re looking for a safe, tax-friendly investment, consider tax-free government or municipal bonds, among other such investments. This type of investment is particularly good for a high-income individual.

6. Remember charitable donations:

Donations not only save you tax but also help the needy

While donations should not be made simply for tax purposes but for philanthropic reasons, you can always make a couple more at the end of the year to lower your tax bite. Remember to get receipts.

7. Gift if you can:

This is typically for retirees with significant assets who want to gift money now rather than leave it for estate taxes later.

8. Max out your retirement plan contributions:

Of course, by doing so you’re assuming that your personal income will be lower when you withdraw the money. While that may or may not be the case, it’s safe to say that if there are a number of years until you start taking distributions, the tax laws will likely change many times over between now and then, hopefully in your favor.

9. Put your (mature age varies from country to country) children on the payroll:

By having them do some work for you, you’ll be able to shift some of your income that would be taxed at a higher rate to their lower tax bracket without being hit with kiddie taxes. Be careful, however, because college financial aid could be affected by their income.

10. Double-check your work:

Errors in tax preparation and on tax returns account for millions of dollars that taxpayers could save every year. Remember to double-check everything.

Buying stock in a company is relatively easy once you’ve researched the stocks you’re interested in and have a broker or brokerage account to handle your purchase. Choose your stocks with care and research before you buy anything, but keep in mind that the stock market could crash at any time for numerous reasons.

Step 1:

Educate yourself fully about stocks before purchasing them. You can find information about stocks and brokers on the Internet.

Stock Exchange

Step 2:

Determine what you want in a broker or brokerage account. Do you want to meet with someone face-to-face? Will you want to be able to reach someone by phone? Do you require Internet access? Is price your only consideration? Do you want to buy and sell only stocks, or would you also like to buy and sell mutual funds, bonds or foreign stocks?

Step 3:

Choose a broker or brokerage firm to purchase the stocks on your behalf based on your needs. Need a lot of advice? Start with a full-service brokerage. The least expensive brokers may not offer advice. Fairly confident and want low prices? Try an online brokerage.

Brokerage Firm

Step 4:

Contact a broker or firm and request an application. Many firms offer online applications, although most require that you send a check or wire money to actually open the account.

Let’s get started. Getting a girl of your dreams is much like getting the car of your dream. But unlike a car which you can always bargain for, there is nothing like a 20 percent discount in courting the girl of your dreams, she’s so sweet a thing to be discounted, you dearly are in love with her and your feelings for her can only be communicated not by the words of the mouth, but by the words of the heart. Getting the girl actually depends on how big your heart is – faint heart, never won fair lady.

The first dating idea for any man is to make a good impression. In your doing so, you don’t have to talk, dress or do the common things that all the Toms do to get a decent girl’s attention. Be unique, that’s all you need. Be a man of his own style. Dress decently – indecency can make one be mistaken for arrogance; watch your language – obscene language gives the impression of immaturity, being uncultured and cheap; be a man of good habits – don’t drink or smoke like any other loser.

How to make her fall in love with you?

Take your time. Add some romance to your dating style. When in College I had a crush on the most beautiful lady in our first year lot. Though all senior guys were out to get that girl, I managed to divert her attention from the other guys. I wrote her three letters without disclosing my identity and slid into her room secretly; all I said was ‘Yours Secret Admirer.’ The first letter contained the meaning of her name, this I got by playing around with the initials of her name to make meaning. The second was a funny message that could only be read backwards and it was all about her physique and her smartness. In the third letter I told the girl to be ready to receive a rose flower from her admirer, but only if she could be kind enough to phone him using a number that I had included in the letter. The girl did phone me that very night, and her first words to me were, “Hallo Secret Admirer.” So, the story of our love affair came to be. Later she told me that was so creative of me, no one had approached her in that manner. I made her fall in love with me and made a date in the romantic manner.

Befriending and understanding the girl you are out to get is the next important thing.

This is what I also did. You have to understand that as a lady, she loves to be loved, adores to be adored and needs to be needed. This will move you closer to the girl and you’ll get to know what she’s into, what she likes and dislikes, and what her style is. Love is built upon friendship and it always leaves individuals better off having known each other should they break up. My college steady and I were to break up some time later, but to date we are the best of buddies. Be sure that bringing out the selfless friend in you will make her create room for you in her heart.

A shoulder to lean on and a good friend that she can always turn to is all that a lady wants. Please don’t hesitate to be helpful and supportive. Be that friend who rekindles her zeal for hard work and restores hope to her life when she loses hope. This above all other things will make you her daily vitamin, simply because you bring out the best in her in terms of personality and character. In you, she’ll have found that friend whom she can open up to and share with, and with whom she can trade advice on the rights and wrongs, the dos and don’ts of life. Don’t forget to always be there to celebrate the good times, and to lend an ear when the girl needs you to listen as a friend.

Make the girl feel special; because she’s someone’s friend – your friend, and let her know that she too has touched your life in a unique way like no one else could. Compliment her for her company and for being there when you needed her, when you felt sad and all alone. Show appreciations for the comfort the girl offers you and for making you smile.

In your day to day talks, share your dreams, your world, and every aspect of your life with your girl. Always dream with her, build with her, and always cheer her on and encourage her. Tell your girl how you always think about her even when you try not to think about her. Let the girl know that she’s your first thing in the morning and the last thing when you go to bed at night.

Her knowing that you were thinking of her when you slipped beneath the softness of your blanket and gave in to the bliss of sweet dreams, will make her go ‘my my’ and her heart will sing your name all the year round.

You have to be creative and constructive to keep the girl’s interest in you full of life.

Never fail to phone her, even when she least expects it. I once called some girl that I was interested in at four o’clock in the morning. When inquiring of what I was doing up so early, I told her I was in thirteenth heaven, where people think of their loved ones when they can’t sleep. Wow! First thing early the next morning, she was at my door with a king-sized hug for me. No matter how many dates you take her, don’t make any elbow – exceeding moves after any date, just drop her home and with a friendly handshake, wish her good night. Don’t kiss her when she expects you to. Your respect as a gentleman will be earned on how patient you are with her when it comes to such matters as kissing her and accessing her inner graces.

The writing is on the wall that you want her, but you can’t have her just yet. Increase your demand. Try to show her that men are also hard to get at times. Make her realize that when she feels a little dizzy, a little tired, a little sad, a little sick, a lot bored and very much cold, she’s actually missing vitamin you. By this time, she’ll be so much into you and since love is truthful and is characterized by open and honest communication, honestly promise her your everlasting devotion, loyalty, respect, and your unconditional love for a lifetime. Prove to her that you’ll always be there for her, to listen and to hold her hand, and that you’ll always do your best to make her happy, and feel loved.

Remember, patience is the key to her heart; be like that gardener watching a fruit as it hangs on the tree, day after day admiring it, but, exercising tremendous self-discipline, neither feeling the fruit, nor pinching it, nor testing it to see if it is ready. And then, one day he holds out his hand and the fruit simply drops into it, ripe, warm and eager to be eaten.

The patience and self-control which you practice will make you more attractive and charming. This will qualify you as her daily vitamin and win you that heart of hers.

Do you know you can save as much as 65% on your new car’s insurance? Your insurance agent will never tell you that you can transfer a No Claim Bonus (NCB) from your old car, but my friend Shruti paid only Rs.10,700 for Rs.27,000 worth of comprehensive insurance for her new car. She just transferred the NCB from her old Maruti Zen to reduce the cost of insurance for her Honda City Vtec. Why didn’t her friendly agent volunteer information about this remarkable deal? Because the more a buyer pays the insurance company, the more commission its agent makes.

Most Indian car buyers negotiate on financing, dealer discounts and freebies but forget about the insurance component.

Sanjeev Nanda shows you how to use the NCB to save on your insurance premium:

1. When you sell your old car: The biggest mistake people make is transferring the insurance lock, stock and barrel when selling a car. Ensure that ownership is transferred and make a photocopy of the new entry in the RC book for insurance purposes.

2. Obtain the NCB certificate: Forward a copy of the delivery note to your insurance company and ask for the NCB certificate or holding letter. This letter is valid for three years; you may find it easiest to go to your insurer’s local office to pick it up in person.

3. Use the NCB: Forward the NCB letter to your new car’s dealer. Voila! You have just transferred the NCB to your new car insurance and saved a bundle.

Remember to shop around; manufacturers’ insurance schemes are much cheaper than regular insurers’. In one case, insurance for an old Maruti 800 was quoted at Rs.4,800 when the official Maruti insurance was available for just Rs.2,800.

Another process, if you are happy with your existing insurance company, is to go to the insurer with your new car invoice and chassis number. The agent should use your NCB to offer a reduced premium and give you a cover note on the spot. The dealership will need this cover note to register your car with traffic authorities.